| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 | 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 24× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× 2× | /** * @file config.js * @desc Reads config.ini files */ 'use strict'; var _ = require('lodash'), fs = require('fs'), logger = require(__dirname + '/loggers/logger'), configReader = require(__dirname + '/../pnr-common/lib/node/configReader'), exec = require('child_process').exec; /** * @function config * @desc Return application config object * * @param {boolean} force reload of config * * @returns {object} */ var config = (function() { var pnrConfig = configReader([ '/etc/pnr/local_config.ini', '/etc/pnr/runtime_config.ini', '/etc/pnr/launch_config.ini', '/etc/pnr/default.ini', __dirname + '/../config/config.ini']); var safeviewHome = pnrConfig.pnr_enforcement.safeview_home; Iif (!safeviewHome) { safeviewHome = '/opt/safeview'; } Iif (pnrConfig.pnr_enforcement.mode === 'pnr') { pnrConfig.runtimeContext = 'pnr'; logger.info('PNR Enforcement mode set to "pnr"...ignoring safeview config'); return pnrConfig; } var safeviewIni = safeviewHome + '/service/conf/safeview.ini'; Iif (!fs.existsSync(safeviewIni)) { logger.error('Mode expects safeview config, but cannot find config files..' + 'running in pnr mode'); pnrConfig.runtimeContext = 'pnr'; return pnrConfig; } // we can still run in safeview only mode if mode is set to safeview Eif (pnrConfig.pnr_enforcement.mode === 'dual') { pnrConfig.runtimeContext = 'dual'; } else { pnrConfig.runtimeContext = 'safeview'; } logger.info('Found ' + safeviewIni + ' file'); logger.info('PNR Enforcement mode is set to "' + pnrConfig.runtimeContext + '"'); // Note: in dual mode, the safeview configuration takes precedence over the pnr // configuration attributes. For example, the safeview redis is preferred // over pnr's. // The list of ini files and order of the files are available in // safeview repo - 'safeview/lib/safly/config.py' var svConfig = configReader(['/etc/safeview/conf/build.ini', '/etc/menlo/conf/safeview_runtime.ini', '/etc/safeview/conf/safeview_instance.ini', '/run/safeview/conf/safeview_mode.ini', '/run/safeview/conf/safeview_deployment.ini', safeviewIni]); Iif (!svConfig) { logger.warn('Error loading safeview configs.'); return pnrConfig; } //Running in Safeview context var svPnrConfig = svConfig['policy-enforcement-server']; var svPnrRedis = svConfig.reporting; var keysToCopy = ['policy_server_hostname', 'druid_logging_hostname', 'druid_tunnel_hostname', 'druid_user', 'druid_key', 'zookeeper_tunnel_hostname', 'zookeeper_user', 'zookeeper_key', 'zookeeper_port', 'pnr_runtime_config', 'kafka_port', 'local_config_path']; // Needed for content inspection _.assign(pnrConfig.safefile, svConfig.safefile); // Needed for sandbox content inspection - specifically the license_string Iif (!pnrConfig.dashboard) { pnrConfig.dashboard = {}; } _.assign(pnrConfig.dashboard, svConfig.dashboard); pnrConfig.forensic = svConfig.forensic; Eif (svConfig && pnrConfig.system_settings.deployment === 'on_prem') { pnrConfig.authentication = svConfig.authentication && { saml_enabled: svConfig.authentication.saml_enabled, saml_enabled_readonly: svConfig.authentication.saml_enabled_readonly }; } Eif (svPnrConfig && svPnrRedis) { var pnrNet = pnrConfig.networking; pnrNet.pnr_enforcement_host = svPnrConfig.host; pnrNet.pnr_enforcement_port = svPnrConfig.port; _.forEach(keysToCopy, function (key) { pnrNet[key] = svPnrConfig[key]; }); pnrConfig.system_settings.s3_path = svPnrConfig.s3_path; pnrConfig.internal = svConfig.internal; pnrConfig.system_config.timezone = svConfig.system_config.timezone; pnrConfig['redis-sv'] = svConfig['redis-sv']; pnrConfig['redis-sentinel'] = svConfig['redis-sentinel']; pnrNet.local_redis_host = svPnrRedis.redis_server_hostname; pnrNet.redis_port = svPnrRedis.redis_server_port; pnrNet.redis_password = svPnrRedis.redis_server_password; pnrNet.syslog_port = svConfig.reporting.session_syslog_port; pnrNet.syslog_host = svConfig.reporting.session_syslog_host; pnrNet.syslog_protocol = svConfig.reporting.session_syslog_protocol; pnrNet.syslog_format = svConfig.reporting.session_syslog_format; Eif (pnrConfig.system_settings.deployment === 'on_prem') { // These settings are controlled by CMR in on-prem deployments, and are // stored in safeview_runtime.ini pnrNet.policy_server_enabled = svConfig.networking.policy_server_enabled; pnrNet.policy_server_hostname = svConfig.networking.policy_server_hostname; pnrNet.policy_server_port = svConfig.networking.policy_server_port; pnrNet.verify_policy_server_cert = svConfig.networking.verify_policy_server_cert; pnrConfig.pnr_policy.root_secret = svConfig.pnr_policy.root_secret; Eif (svConfig.fluentd) { pnrConfig.fluentd.enabled = !!svConfig.fluentd.enabled; } } } // NOTE: dmidecode requires root privilege, this needs to be addressed for PNR-1462 exec('dmidecode -s system-uuid', function(error, stdout) { Iif (error) { logger.error('Error getting system uuid', error); return; } pnrConfig.system_uuid = stdout.trim(); }); return pnrConfig; })(); module.exports = config; |